Thomas Gerbet - Security Researcher - Exploit Intelligence Platform

CVE-2017-1000214 WRITEUP CRITICAL WRITEUP

GitPHP by xiphux - Command Injection

GitPHP by xiphux is vulnerable to OS Command Injections

CVSS 9.8

View Code

CVE-2021-41142 WRITEUP MEDIUM WRITEUP

Tuleap <12.11.99.25, <12.11-2 - XSS

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capability to add and remove attachment to an artifact could force a victim to execute uncontrolled code. Tuleap Community Edition 11.17.99.146 and Tuleap Enterprise Edition 12.11-2 contain a fix for the issue.

CVSS 5.4

View Code

CVE-2021-41147 WRITEUP HIGH WRITEUP

Tuleap <11.16.99.173 & <11.16-6 & <11.15-8 - SQL Injection

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with admin rights in one agile dashboard service can execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue.

CVSS 7.2

View Code

CVE-2021-41148 WRITEUP HIGH WRITEUP

Tuleap <11.16.99.173 & <11.16-6 & <11.15-8 - SQL Injection

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Prior to version 11.16.99.173 of Community Edition and versions 11.16-6 and 11.15-8 of Enterprise Edition, an attacker with the ability to add one the CI widget to its personal dashboard could execute arbitrary SQL queries. Tuleap Community Edition 11.16.99.173, Tuleap Enterprise Edition 11.16-6, and Tuleap Enterprise Edition 11.15-8 contain a patch for this issue.

CVSS 8.8

View Code

CVE-2021-41154 WRITEUP HIGH WRITEUP

Tuleap <11.17.99.144 - SQL Injection

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.17.99.144, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.

CVSS 8.8

View Code

CVE-2021-41155 WRITEUP HIGH WRITEUP

Tuleap <11.17.99.146 - SQL Injection

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix: Tuleap Community Edition 11.17.99.146, Tuleap Enterprise Edition 11.17-5, Tuleap Enterprise Edition 11.16-7.

CVSS 8.8

View Code

CVE-2021-41276 WRITEUP MEDIUM WRITEUP

Tuleap < 13.2.99.31 and 13.1-1-13.1-5 - LDAP Injection via User ldap_id Attribute

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. This issue has been patched in Tuleap Community Edition 13.2.99.31, Tuleap Enterprise Edition 13.1-5, and Tuleap Enterprise Edition 13.2-3.

CVSS 6.7

View Code

CVE-2021-43782 WRITEUP MEDIUM WRITEUP

Tuleap < 13.2.99.83 and 13.1-1-13.1-5 - LDAP Injection via User ldap_id Attribute

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. This is a follow up to GHSA-887w-pv2r-x8pm/CVE-2021-41276, the initial fix was incomplete. Tuleap does not sanitize properly the search filter built from the ldap_id attribute of a user during the daily synchronization. A malicious user could force accounts to be suspended or take over another account by forcing the update of the ldap_uid attribute. Note that the malicious user either need to have site administrator capability on the Tuleap instance or be an LDAP operator with the capability to create/modify account. The Tuleap instance needs to have the LDAP plugin activated and enabled for this issue to be exploitable. The following versions contain the fix: Tuleap Community Edition 13.2.99.83, Tuleap Enterprise Edition 13.1-6, and Tuleap Enterprise Edition 13.2-4.

CVSS 6.7

View Code

CVE-2021-43806 WRITEUP HIGH WRITEUP

Tuleap < 13.2.99.155 and 13.1-1-13.1-6 - Authenticated SQL Injection in CVS Repository Commit Search

Tuleap is a Libre and Open Source tool for end to end traceability of application and system developments. In affected versions Tuleap does not sanitize properly user settings when constructing the SQL query to browse and search commits in the CVS repositories. A authenticated malicious user with read access to a CVS repository could execute arbitrary SQL queries. Tuleap instances without an active CVS repositories are not impacted. The following versions contain the fix: Tuleap Community Edition 13.2.99.155, Tuleap Enterprise Edition 13.1-7, and Tuleap Enterprise Edition 13.2-6.

CVSS 8.8

View Code

CVE-2022-31058 WRITEUP HIGH WRITEUP

Tuleap < 13.9.99.111 and 13.8.0-13.8.6 - Authenticated SQL Injection via Tracker Report Query

Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In versions prior to 13.9.99.95 Tuleap does not sanitize properly user inputs when constructing the SQL query to retrieve data for the tracker reports. An attacker with the capability to create a new tracker can execute arbitrary SQL queries. Users are advised to upgrade. There is no known workaround for this issue.

CVSS 7.2

View Code

CVE-2023-35929 WRITEUP MEDIUM WRITEUP

Tuleap <14.10.99.4-14.9.5 - Code Injection

Tuleap is a free and open source suite to improve management of software development and collaboration. Prior to version 14.10.99.4 of Tuleap Community Edition and prior to versions 14.10-2 and 14.9-5 of Tuleap Enterprise Edition, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. A malicious user with the capability to create an artifact or to edit a field used as a card field could force victim to execute uncontrolled code. Tuleap Community Edition 14.10.99.4, Tuleap Enterprise Edition 14.10-2, and Tuleap Enterprise Edition 14.9-5 contain a fix.

CVSS 5.4

View Code

CVE-2023-38508 WRITEUP MEDIUM WRITEUP

Tuleap <14.11.99.28 & <14.10-6 & <14.11-3 - Info Disclosure

Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, the preview of an artifact link with a type does not respect the project, tracker and artifact level permissions. The issue occurs on the artifact view (not reproducible on the artifact modal). Users might get access to information they should not have access to. Only the title, status, assigned to and last update date fields as defined by the semantics are impacted. If those fields have strict permissions (e.g. the title is only visible to a specific user group) those permissions are still enforced. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue.

CVSS 6.5

View Code

CVE-2023-39521 WRITEUP MEDIUM WRITEUP

Tuleap < 14.10-7 and < 14.11.99.82 - Stored Cross-Site Scripting in Card Fields

Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 14.11.99.28 and Tuleap Enterprise Edition prior to versions 14.10-6 and 14.11-3, content displayed in the "card fields" (visible in the kanban and PV2 apps) is not properly escaped. An agile dashboard administrator deleting a kanban with a malicious label can be forced to execute uncontrolled code. Tuleap Community Edition 14.11.99.28, Tuleap Enterprise Edition 14.10-6, and Tuleap Enterprise Edition 14.11-3 contain a fix for this issue.

CVSS 4.8

View Code

CVE-2023-48715 WRITEUP MEDIUM WRITEUP

Tuleap <15.2.99.103 - Code Injection

Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.2.99.103 of Tuleap Community Edition and prior to versions 15.2-4 and 15.1-8 of Tuleap Enterprise Edition, the name of the releases are not properly escaped on the edition page of a release. A malicious user with the ability to create a FRS release could force a victim having write permissions in the FRS to execute uncontrolled code. Tuleap Community Edition 15.2.99.103, Tuleap Enterprise Edition 15.2-4, and Tuleap Enterprise Edition 15.1-8 contain a fix for this issue.

CVSS 5.4

View Code

CVE-2024-25130 WRITEUP MEDIUM WRITEUP

Tuleap <15.5.99.76 - Info Disclosure

Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue.

CVSS 5.4

View Code

CVE-2024-26256 WRITEUP HIGH WRITEUP

libarchive < 3.7.4 - Remote Code Execution via Heap-based Buffer Overflow

Libarchive Remote Code Execution Vulnerability

CVSS 7.8

View Code

CVE-2024-30246 WRITEUP HIGH WRITEUP

Tuleap 14.11.99.34-15.7.99.5, 14.12-1-14.12-5 - Unauthenticated Information Disclosure and Data Deletion

Tuleap is an Open Source Suite to improve management of software developments and collaboration. A malicious user could exploit this issue on purpose to delete information on the instance or possibly gain access to restricted artifacts. It is however not possible to control exactly which information is deleted. Information from theDate, File, Float, Int, List, OpenList, Text, and Permissions on artifact (this one can lead to the disclosure of restricted information) fields can be impacted. This vulnerability is fixed in Tuleap Community Edition version 15.7.99.6 and Tuleap Enterprise Edition 15.7-2, 15.6-5, 15.5-6, 15.4-8, 15.3-6, 15.2-5, 15.1-9, 15.0-9, and 14.12-6.

CVSS 7.6

View Code

CVE-2024-37167 WRITEUP MEDIUM WRITEUP

Tuleap < 15.8-5 and < 15.9.99.97 - Improper Authorization

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Users are able to see backlog items that they should not see. This issue has been patched in Tuleap Community Edition version 15.9.99.97.

CVSS 4.3

View Code

CVE-2024-46980 WRITEUP MEDIUM WRITEUP

Tuleap < 15.12-6 and < 15.13.99.37 - Cross-Site Scripting via Artifact Link Type Forward Label

Tuleap is a tool for end to end traceability of application and system developments. Prior to Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6, a site administrator could create an artifact link type with a forward label allowing them to execute uncontrolled code (or at least achieve content injection) in a mail client. Tuleap Community Edition 15.13.99.37, Tuleap Enterprise Edition 15.13-3, and Tuleap Enterprise Edition 15.12-6 fix this issue.

CVSS 4.8

View Code

CVE-2025-27099 WRITEUP MEDIUM WRITEUP

Tuleap < 16.3-10 and < 16.4.99.1740067916 - Cross-Site Scripting via Tracker Name in Semantic Timeframe Deletion Message

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the tracker names used in the semantic timeframe deletion message. A tracker administrator with a semantic timeframe used by other trackers could use this vulnerability to force other tracker administrators to execute uncontrolled code. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740067916 and Tuleap Enterprise Edition 16.4-5 and 16.3-10.

CVSS 4.8

View Code

CVE-2025-27150 WRITEUP MEDIUM WRITEUP

Tuleap <16.4.99.1740492866, <16.3-11 - Info Disclosure

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The password to connect the Redis instance is not purged from the archive generated with tuleap collect-system-data. These archives are likely to be used by support teams that should not have access to this password. The vulnerability is fixed in Tuleap Community Edition 16.4.99.1740492866 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

CVSS 5.3

View Code

CVE-2025-27156 WRITEUP MEDIUM WRITEUP

Tuleap < 16.3-11 and < 16.4.99.1740567344 - Cross-Site Scripting in Mass Email Feature

Tuleap is an Open Source Suite to improve management of software developments and collaboration. The mass emailing features do not sanitize the content of the HTML emails. A malicious user could use this issue to facilitate a phishing attempt or to indirectly exploit issues in the recipients mail clients. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740567344 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

CVSS 4.1

View Code

CVE-2025-27402 WRITEUP MEDIUM WRITEUP

Tuleap < 16.3-11 and < 16.4.99.1740414959 - Cross-Site Request Forgery in Tracker Fields Administrative Operations

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protections on tracker fields administrative operations. An attacker could use this vulnerability to trick victims into removing or updating tracker fields. This vulnerability is fixed in Tuleap Community Edition 16.4.99.1740414959 and Tuleap Enterprise Edition 16.4-6 and 16.3-11.

CVSS 4.6

View Code

CVE-2025-29766 WRITEUP MEDIUM WRITEUP

Tuleap < 16.4-8 and < 16.5.99.1741784483 - Cross-Site Request Forgery in Tracker Artifact Submission

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap has missing CSRF protections on artifact submission & edition from the tracker view. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. The vulnerability is fixed in Tuleap Community Edition 16.5.99.1741784483 and Tuleap Enterprise Edition 16.5-3 and 16.4-8.

CVSS 4.6

View Code

CVE-2025-30203 WRITEUP MEDIUM WRITEUP

Tuleap < 16.4-8 and < 16.5.99.1742562878 - Cross-Site Scripting via RSS Feed Widget

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap allows cross-site scripting (XSS) via the content of RSS feeds in the RSS widgets. A project administrator or someone with control over an used RSS feed could use this vulnerability to force victims to execute uncontrolled code. This vulnerability is fixed in Tuleap Community Edition 16.5.99.1742562878 and Tuleap Enterprise Edition 16.5-5 and 16.4-8.

CVSS 4.8

View Code